pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/courier-authlib

Module Name:    pkgsrc
Committed By:   obache
Date:           Thu Jul  2 12:23:44 UTC 2009

Modified Files:
        pkgsrc/security/courier-authlib: Makefile PLIST distinfo
        pkgsrc/security/courier-authlib/patches: patch-aa patch-ab

Log Message:
Update courier-authlib to 0.62.2.
Include security fix for CVE-2008-2380 and requested by PR#41023
(approved by wiz@).


This release corrects a makefile compatibility problem with bash 4.


This release correct a couple of minor compiler warnings and errors.

  * cryptpassword.c: Fix compiler warnings

  * checkpasswordsha1.c: Fix compiler warnings.

  * authldaplib.c (auth_ldap_enumerate): Fix typo.


This release adds support for additional hash functions, and an
update to the Postgres driver that removes potentional SQL injection
vulnerabilities in some circumstances.

  * authpgsqllib.c: Use PQescapeStringConn() instead of removing all
    apostrophes from query parameters. This fixes a potential SQL injection
    vulnerability if the Postgres database uses a non-Latin locale.

  * Added support for {SSHA}-encrypted passwords. Based on a patch
    by Zou bin <>.

  * Added support for {SHA512} hash function

To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 pkgsrc/security/courier-authlib/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/security/courier-authlib/PLIST
cvs rdiff -u -r1.12 -r1.13 pkgsrc/security/courier-authlib/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/security/courier-authlib/patches/patch-aa
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/courier-authlib/patches/patch-ab

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index